The email and social media accounts of Obama administration officials were recently hacked by members of Iran's Revolutionary Guard, the Wall Street Journal reports.
The attacks are believed to be connected to the recent arrest in Tehran of the Iranian-American businessman Siamak Namazi, who had pushed for stronger economic and diplomatic ties between the U.S. and Iran.
"U.S. officials were among many who were targeted by recent cyber attacks," an unnamed administration official told the Journal. "U.S. officials believe some of the more recent attacks may be linked to reports of detained dual citizens and others."
The cyber attacks targeted officials in the U.S. State Department's Office of Iranian Affairs and Bureau of Near Eastern Affairs, as well as non-governmental academics and journalists.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
A spokesman at Iran's U.N. mission told the Journal that his country has frequently been falsely accused of launching cyber attacks. "Iran itself was [the] target of many cyber attacks," he said.
Iran was the target of the Stuxnet malware, which was designed specifically to disable the country's nuclear facilities.
According to the Journal, U.S. officials say the Revolutionary Guard has an "army" of hackers trained in Russia, who have targeted Wall Street banks, Saudi oil companies, and opponents of the Iranian regime both inside and outside of Iran.
"The threat data, IP addresses and type of malware associated with these attacks should be shared by the Feds immediately with the security community," Fidelis Cybersecurity CSO Justin Harvey told eSecurity Planet by email. "There should also be an immediate inquiry into what could have been accessed or stolen, and the White House should undergo an evaluation of security including changing up their passwords [and] making sure [two-factor authentication] is used as much as possible."
Harvey added that every organization, including the White House, needs a security awareness policy and plan. "This should include a specific and direct effort to make sure high-risk employees like these staffers understand the risks of phishing and the vulnerability of their personal email and social media accounts," he said. "You could go one step further and say that there should be a policy for these employees to mandate usage of two-factor authentication in their non-work accounts."
A recent eSecurity Planet article looked at the importance of providing security training to employees.